4 votes
Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends "many" IP packets, based on the average number of packets sent by all origins and using some thresholds. In concept, the solution developed by Bob is actually:

A. Just a network monitoring tool
B. A signature-based IDS
C. A hybrid IDS
D. A behavior-based IDS

User Maxym
by
7.3k points

2 Answers

0 votes

Final answer:

The solution developed by Bob is a behavior-based IDS, which monitors network traffic and produces alerts based on the average number of packets sent by all origins and using thresholds.

Step-by-step explanation:

The solution developed by Bob for monitoring network traffic and producing alerts when any origin sends "many" IP packets is a behavior-based IDS.

A behavior-based IDS is designed to detect suspicious or abnormal behavior on a network rather than relying on known signatures. In this case, the application monitors the average number of packets sent by all origins and uses thresholds to identify potentially malicious activity.

This approach is different from a signature-based IDS, which matches patterns or signatures of known attacks, and a hybrid IDS, which combines both signature-based and behavior-based techniques.

User Blackwizard
by
7.6k points
3 votes

Answer:

A. Just a network monitoring tool.

Step-by-step explanation:

Bob created the application using the C language to monitor the network traffic, and the application produces an alert when an origin sends many IP packets.

So the application created by Bob is a simple network monitoring tool which monitors the network traffic and alerts when the IP packets sent exceed the threshold number of packets.

User Tasos Anesiadis
by
6.8k points
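
The alerting rule described in the question, sketched in C as an added example (it is not Bob's code and not part of either answer): count packets per origin over one window, take the average across all origins, and alert on origins above a multiple of that average. The struct and function names, the multiplier `factor`, the floor `min_packets` and the sample counts are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Per-origin packet counter for one observation window. */
struct origin {
    const char *addr;  /* source address as text */
    uint64_t packets;  /* IP packets seen from this source in the window */
};

/* Average packets per origin across all origins in the window. */
double mean_packets(const struct origin *o, size_t n)
{
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += o[i].packets;
    return n ? (double)total / (double)n : 0.0;
}

/* Flag origins whose count exceeds factor * mean and reaches min_packets
 * (a floor so a quiet network does not alert on trivial counts).
 * Writes flagged indices to out (capacity n) and returns how many.
 * Caveat: the heavy sender is part of the mean, and max <= n * mean,
 * so a factor >= n can never fire. */
size_t flag_origins(const struct origin *o, size_t n, double factor,
                    uint64_t min_packets, size_t *out)
{
    double limit = factor * mean_packets(o, n);
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (o[i].packets >= min_packets && (double)o[i].packets > limit)
            out[hits++] = i;
    return hits;
}

/* Constructed sample window (documentation address ranges). */
static const struct origin sample[] = {
    {"192.0.2.10", 120}, {"192.0.2.11", 95}, {"192.0.2.12", 110},
    {"192.0.2.13", 105}, {"198.51.100.7", 4200},
};
#define SAMPLE_N (sizeof sample / sizeof sample[0])

int main(void)
{
    size_t idx[SAMPLE_N];
    size_t hits = flag_origins(sample, SAMPLE_N, 3.0, 100, idx);
    printf("mean=%.1f packets/origin\n", mean_packets(sample, SAMPLE_N));
    for (size_t i = 0; i < hits; i++)
        printf("ALERT %s sent %llu packets\n", sample[idx[i]].addr,
               (unsigned long long)sample[idx[i]].packets);
    return 0;
}
```

With the sample window the average is 926 packets per origin, so a factor of 3 flags only the last origin, while a factor of 5 (equal to the number of origins) flags nothing because that origin's own traffic raises the average it is compared against.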